Skip to main content

Configure network access to an OpenSearch cluster

By default, in clusters with a public subnet, connections are allowed from all IP addresses, provided a login and password are used.

Connections to a cluster in a private subnet are allowed from the cluster's subnet and from subnets associated with the cluster's subnet via a cloud router.

You can restrict access to a Managed Database cluster using security groups.

Any changes to network access settings are the client's responsibility.

Security groups in a Managed Database cluster

A security group in a Managed Database cluster is a set of rules for filtering incoming and outgoing cluster traffic. For security groups to function, traffic filtering (port security) must be enabled in the network.

If filtering is enabled in the network, a default security group is assigned to all ports in that network, which allows all traffic to pass through the ports. You can assign a different security group when creating a cluster or in an existing cluster.

In addition to the security groups you select when creating a cluster, a service security group is automatically assigned to the Managed Database cluster network ports. This group supports cluster operation and cannot be modified or deleted. The service group is only visible in the OpenStack CLI and Terraform.

Read more about security groups in the Security Groups section.

Assign a security group in an existing cluster

warning

After assigning the group, all active sessions that do not comply with the group's rules will be terminated.

  1. Ensure that traffic filtering (port security) is enabled in the cluster network. To do this, in the Control Panel, go to the top menu and click ProductsCloud ServersNetwork → the Private networks or Public networks tab. Networks with filtering enabled are marked with a .

    If filtering is disabled, to use security groups, create a new cluster in a new subnet or in a subnet with traffic filtering enabled.

  2. In the Control Panel, go to the top menu, click Products and select Managed Databases.

  3. Open the Active tab.

  4. Open the database cluster page → Settings tab.

  5. In the Security block, click Edit.

  6. Select the security group you want to assign to all ports in the cluster network.

  7. Click .